package cn.ix.spring.security.controller;

import cn.ix.spring.security.dto.AccountDTO;
import cn.ix.spring.security.entity.Account;
import cn.ix.spring.security.service.AccountService;
import org.springframework.context.annotation.Role;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;

/**
 * @author lzw
 * @description AccountController
 * @date 2022/3/1
 */
@RestController
@RequestMapping(value = "/account")
public class AccountController {

    @Resource
    private AccountService accountService;

    /**
     * 登录
     *
     * @param account
     * @return
     */
    @PostMapping("/login")
    public AccountDTO login(@RequestBody Account account) {
        return accountService.login(account);
    }

    @GetMapping("/index")
    public String index() {
        return "account/index";
    }

    @GetMapping("/protectedMethod")
    public String protectedMethod() {
        System.out.println("访问受保护的方法");
        return "当前登录用户" + SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString();
    }


    @PreAuthorize("hasAuthority('user_edit')")
    @GetMapping("/edit")
    public String edit() {
        return "account/edit";
    }


    @PreAuthorize("hasRole('admin')")
    @GetMapping("/list")
    public String list(){
        return  "account/list";
    }


    @PreAuthorize("hasRole('super_admin')")
    @GetMapping("/delete")
    public String delete(){
        return  "account/delete";
    }

}
